Vulnerability Description
Directory traversal vulnerability in lastfm-proxy.php in the Last.fm Rotation (lastfm-rotation) plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the snode parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Last.Fm Rotation Plugin Project | Lastfm-Rotation Plugin | 1.0 |
Related Weaknesses (CWE)
References
- http://codevigilant.com/disclosure/wp-plugin-lastfm-rotation-local-file-inclusioExploit
- http://codevigilant.com/disclosure/wp-plugin-lastfm-rotation-local-file-inclusioExploit
FAQ
What is CVE-2014-5181?
CVE-2014-5181 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Directory traversal vulnerability in lastfm-proxy.php in the Last.fm Rotation (lastfm-rotation) plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the snode...
How severe is CVE-2014-5181?
CVE-2014-5181 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-5181?
Check the references section above for vendor advisories and patch information. Affected products include: Last.Fm Rotation Plugin Project Lastfm-Rotation Plugin.